Open Source Software Policy Design

Having a clearly defined Open Source Software Policy is fundamental to the success of a professionally managed open source software program. The policies defined will guide an organisation's decision-making process for managing risk in open source software and will enable the implementation of a Continuous Compliance Program.

The Open Source Software Policy will be unique to every organisation but will typically cover:

What is the strategy?
  Why do we need OSS, and why do we need a policy?

Licensing policy
  Acceptable licences
  Licence compliance

Security vulnerability management
  Service Level Agreements

Contribution
  How can developers contribute to external projects?
  How can external developers contribute to the organisation's projects?

What is the scope?
  Who is covered?
  What is covered?
  Different rules for different groups or business units are sometimes necessary

How to apply
  Guidelines, whitelists and blacklists, tools, checklists, etc.

How to communicate
  Obligations, contributions, public forums

Source Code Control Limited work in partnership with clients to define and maintain Open Source Software Policies.

The steps we go through are:

Workshops to define the needs of an organisation
  What policies are in place?
  Are they working?

Discovery
  Identify all third party software in use or planned to be used

Review and approval
  Review of open source software in products
  Is it mandated by a company policy?

Obligation satisfaction
  Compliance practices needed to satisfy open source software obligations

Community contributions
  Review and approval of employee contributions to community projects
  Are there any?

Policy
  Corporate policy for the use of open source software
  Protecting company interests

Training and education
  Communication needed to ensure compliance
  Educate employees on why there is a policy
  Educate employees on what the policy is and what their responsibilities are

Policy maintenance
  Regular reviews of policy effectiveness
  Modify to align with changing business needs

Open Source Software Policy in Practice

The policy provides guidance across all areas of the business affected by risk in open source software. An organisation can transparently demonstrate the policy to external customers and partners in order to drive customer and partner satisfaction, build confidence with prospective clients and let developers focus on what they do best: creating great software that delivers.